Year: 2007

I got the question last week, why there are so many logon failure events on Windows XP when it is not domain joined. The short answer is, by design. (Yes, bad design.) The longer answer is that the shell team is working around the fact that there is no “tell me if this user account…

So a long time ago, back in my days of providing technical support for Windows NT 4.0, I published “Security Event Descriptions”. This article was the “schema” so to speak, for the Windows NT 4.0 security event log events. Technically Windows events are not schematized until Windows Vista; or put another way the schema is implicit based…

A German court has ruled that a government web site may not retain IP addresses and other personally identifiable information (PII) in their logs for any longer than the user is actually using the site. The judges pointed out that in many cases it was simple to map an IP address to an identity with…

As I wrote about earlier, TorrentSpy, a file-sharing search engine, was ordered by a U.S. magistrate to enable logging on its servers and to subsequently make those logs available to the MPAA, the plaintiff in an illegal file-sharing lawsuit against TorrentSpy. They have lost their appeals and as a result have decided to block US…

Researchers in the state of Ohio in the United States have discovered that by analyzing the logs produced (by law) from e-voting machines used in certain counties, they can determine the vote(s) each voter made. Further, the logs, by law, must be produced on demand, as part of our open elections process. I haven’t read…

http://arstechnica.com/news.ars/post/20070811-iphone-bill-is-surprisingly-xbox-huge-lol.html Fortunately for customers they strip out all the interesting details that would make it useful to, well, anyone.

From time to time I hear this, and it usually turns out not to be the case. I’ll begin with a little background. First, the eventlog service does not have (and never did have) any public or private API to delete individual events; there is a log clear API but nothing else. The eventlog team thought…

I’m hearing lots of complaints that we don’t have KB articles on these yet. Doriansoft has a blog post complaining that the “add 4096” rule doesn’t work because we collapsed the logon events into a single success event and failure event (from 2 success events [528, 540] and 10 failure events [529-537, 539]). Well, in Vista…

To comply with EC telecommunications logging directives (as other EU nations recently have), the UK has passed a law that starting October 1 telecommunications firms must generate and retain logs of landline and mobile communications for one year. http://www.out-law.com/page-8332 http://www.jisclegal.ac.uk/publications/dataretention.htm VoIP calls are not covered by the new law.